{"id":57271,"date":"2024-05-23T15:48:11","date_gmt":"2024-05-23T15:48:11","guid":{"rendered":"https:\/\/news.talkwithrattan.com\/index.php\/2024\/05\/23\/cloudsek-says-threat-actors-are-spreading-fake-pegasus-spyware\/"},"modified":"2024-05-23T15:48:11","modified_gmt":"2024-05-23T15:48:11","slug":"cloudsek-says-threat-actors-are-spreading-fake-pegasus-spyware","status":"publish","type":"post","link":"https:\/\/news.talkwithrattan.com\/index.php\/2024\/05\/23\/cloudsek-says-threat-actors-are-spreading-fake-pegasus-spyware\/","title":{"rendered":"CloudSEK Says Threat Actors Are Spreading Fake Pegasus Spyware"},"content":{"rendered":"<div style=\"text-align:center\"><img loading=\"lazy\" decoding=\"async\" width=\"1200\" height=\"675\" src=\"https:\/\/i2.wp.com\/i.gadgets360cdn.com\/large\/cloudsek_telegram_pegasus_1716465276086.jpg?resize=1200,675&amp;ssl=1\" class=\"attachment-post-thumbnail size-post-thumbnail wp-post-image\" alt=\"CloudSEK Says Threat Actors Are Spreading Fake Pegasus Spyware\" title=\"CloudSEK Says Threat Actors Are Spreading Fake Pegasus Spyware\" \/><\/div><p> <br \/>\n<\/p>\n<div id=\"center_content_div\">\n<div class=\"content_text row description\">\n<p>CloudSEK, a cybersecurity firm, led an investigation after Apple&#8217;s <a href=\"https:\/\/www.gadgets360.com\/mobiles\/news\/apple-iphone-mercenary-spyware-attack-warning-countries-5417897\">threat notifications were sent<\/a> out to iPhone users in 92 countries last month, and found that soon after the advisory was released, the deep and dark web saw a rise of fake Pegasus spyware. Notably, Apple did not name any threat actors in association with its warning, but it did mention Pegasus spyware from the NSO group as an example. CloudSEK believes this could have led to scammers selling fraudulent malware as Pegasus source code.<\/p>\n<h2 id=\"details-of-cloudsek-s-investigation\">Details of CloudSEK&#8217;s investigation<\/h2>\n<p>After Apple&#8217;s <a href=\"https:\/\/support.apple.com\/en-in\/102174\" target=\"_blank\" rel=\"nofollow noopener\">warning<\/a> in April, CloudSEK researchers began delving into the deep and dark web, as well as the surface web to see whether authentic Pegasus spyware was available to purchase or if fraudsters were using its name to swindle potential buyers. In a <a href=\"https:\/\/www.cloudsek.com\/blog\/behind-the-advisory-decoding-apples-alert-and-spyware-dilemma\" target=\"_blank\" rel=\"nofollow noopener\">report<\/a> titled \u201cBehind the Advisory: Decoding Apple&#8217;s Alert and Spyware Dilemma\u201d, the cybersecurity firm stated that it frequented Internet Relay Chat (IRC) platforms. After analysing approximately 25,000 posts on <a href=\"https:\/\/www.gadgets360.com\/tags\/telegram\">Telegram<\/a>, researchers found that a major portion of the posts claimed to sell authentic Pegasus source code.<\/p>\n<p><span class=\"mt-enclosure mt-enclosure-image\" style=\"display: inline;\"><\/span><\/p>\n<p class=\"ins_instory_dv_caption\">CloudSEK&#8217;s investigation in Telegram<br \/><span class=\"ins_instory_span_credit\">Photo Credit: CloudSEK<\/span><\/p>\n<p>\u00a0<\/p>\n<p>These sale alert posts followed the same pattern. It used words such as <a href=\"https:\/\/www.gadgets360.com\/tags\/nso-group\">NSO<\/a> Tools and Pegasus to entice buyers. Interacting with more than 150 potential sellers of such \u201cPegasus\u201d spyware, the report found that the samples included source code, live video demonstrations of using the malware, and snapshots of the source code. These were all done with names suggesting Pegasus.<\/p>\n<p>Researchers also found six unique samples named <a href=\"https:\/\/www.gadgets360.com\/tags\/pegasus\">Pegasus<\/a> HNVC (Hidden Virtual Network Computing) posted on deep web between May 2022 and January 2024, suggesting the proliferation of these samples among threat actors. Similar instances were also found on the surface web.<\/p>\n<h2 id=\"cloudsek-s-findings\">CloudSEK&#8217;s findings<\/h2>\n<p>The cybersecurity group eventually obtained 15 samples and more than 30 indicators from various sources. However, it found that \u201cnearly all of them have been creating their own fraudulent, ineffective tools and scripts, attempting to distribute them under Pegasus&#8217; name to capitalise on Pegasus and NSO Group&#8217;s name for substantial financial gain.\u201d<\/p>\n<p>It is believed that groups of bad actors have used the sensationalism created by Apple&#8217;s advisory and multiple news reports mentioning the Pegasus name and used it to sell self-created random samples labelled Pegasus. While these spyware can still be nefarious and harm the victims, they are likely not associated with the NSO Group or Pegasus.<\/p>\n<p>The report has urged critical examination after an incident of a threat attack to correctly attribute the threat actors as it can both help cybersecurity firms in identifying and suggesting reinforcements and will ensure no panic is spread among people.<\/p>\n<hr\/>\n<div class=\"downloadtxt\"><i>Affiliate links may be automatically generated &#8211; see our <a href=\"https:\/\/www.gadgets360.com\/ethics\" target=\"_blank\" rel=\"noopener\">ethics statement<\/a> for details.<\/i><\/div>\n<\/div>\n<p class=\"downloadtxt margin_b20\">\n                For the latest <a href=\"https:\/\/www.gadgets360.com\/news\">tech news<\/a> and <a href=\"https:\/\/www.gadgets360.com\/reviews\">reviews<\/a>, follow Gadgets 360 on <a href=\"https:\/\/twitter.com\/gadgets360\" target=\"_blank\" rel=\"nofollow noopener\">X<\/a>, <a href=\"https:\/\/facebook.com\/gadgets360\" target=\"_blank\" rel=\"nofollow noopener\">Facebook<\/a>, <a href=\"https:\/\/whatsapp.com\/channel\/0029VaB3o5hHltY9SJbXg335\" target=\"_blank\" rel=\"nofollow noopener\">WhatsApp<\/a>, <a href=\"https:\/\/www.threads.net\/@gadgets.360\" target=\"_blank\" rel=\"nofollow noopener\">Threads<\/a> and <a href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMILm3AowtoHPAQ?hl=en-IN&amp;gl=IN&amp;ceid=IN%3Aen\" target=\"_blank\" rel=\"nofollow noopener\">Google News<\/a>. For the latest videos on gadgets and tech, subscribe to our <a href=\"https:\/\/www.youtube.com\/channel\/UCx5e1u7BX0aKwEj3sdYXdXg?sub_confirmation=1\" target=\"_blank\" rel=\"nofollow noopener\">YouTube channel<\/a>. If you want to know everything about top influencers, follow our in-house <a href=\"https:\/\/www.whosthat360.com\/\" target=\"_blank\" rel=\"noopener\">Who&#8217;sThat360<\/a> on <a href=\"https:\/\/www.instagram.com\/whosthat360\/\" target=\"_blank\" rel=\"nofollow noopener\">Instagram<\/a> and <a href=\"https:\/\/www.youtube.com\/@WhosThat360\" target=\"_blank\" rel=\"nofollow noopener\">YouTube<\/a>.            <\/p>\n<div class=\"story_nextprv\">\n<div class=\"left_story\">\n            <a href=\"https:\/\/www.gadgets360.com\/apps\/news\/google-photos-cinematic-moment-feature-videos-cinematic-clips-5728503\"><br \/>\n                <i class=\"sprite\"\/><\/p>\n<div class=\"story_image\">\n                    <img decoding=\"async\" class=\"lazy\" src=\"https:\/\/www.gadgets360.com\/static\/desktop\/images\/spacer.png\" data-original=\"https:\/\/i.gadgets360cdn.com\/large\/google_photos_thumbnail_1716461495264.jpg?downsize=90:68&amp;output-quality=70\" alt=\"\" width=\"90\" height=\"68\" loading=\"lazy\"\/>\n                <\/div>\n<p>                <span>Google Photos to Reportedly Get New Feature That Turns Videos Into Cinematic Clips<\/span><br \/>\n            <\/a>\n        <\/div>\n<div class=\"right_story\">\n            <a href=\"https:\/\/www.gadgets360.com\/ai\/news\/sam-altman-openai-content-agreement-news-corp-5728824\"><br \/>\n                <i class=\"sprite\"\/><br \/>\n                <span>Sam Altman&#8217;s OpenAI Signs Content Agreement With News Corp<\/span><\/p>\n<div class=\"story_image\">\n                    <img decoding=\"async\" class=\"lazy\" src=\"https:\/\/www.gadgets360.com\/static\/desktop\/images\/spacer.png\" data-original=\"https:\/\/i.gadgets360cdn.com\/large\/chatgpt_openai_reuters_thumb_1675831928499.jpg?downsize=90:68&amp;output-quality=70\" alt=\"\" width=\"90\" height=\"68\" loading=\"lazy\"\/>\n                <\/div>\n<p>            <\/a>\n        <\/div>\n<\/div>\n<p>    <!--\n\n<div class=\"adhead\">\n    <span>Advertisement<\/span>\n    \n\n<div id='div-gpt-ad-1667475893419-0' style=\"min-width: 728px; min-height: 90px; text-align:center;\">\n        \n    <\/div>\n\n\n<\/div>\n\n--><\/p><\/div>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><script async src=\"\/\/www.instagram.com\/embed.js\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/www.gadgets360.com\/internet\/news\/cloudsek-report-fake-pegasus-spyware-surge-apple-threat-notifications-5728760#rss-gadgets-news\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CloudSEK, a cybersecurity firm, led an investigation after Apple&#8217;s threat notifications were sent out to iPhone users in 92 countries last month, and found that soon after the advisory was released, the deep and dark web saw a rise of fake Pegasus spyware. Notably, Apple did not name any threat actors in association with its [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":57272,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"tdm_status":"","tdm_grid_status":"","fifu_image_url":"https:\/\/i.gadgets360cdn.com\/large\/cloudsek_telegram_pegasus_1716465276086.jpg","fifu_image_alt":"","footnotes":""},"categories":[607],"tags":[330,828,56093,56090,2600,778,56091,56092,22067,28930,2888],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/news.talkwithrattan.com\/index.php\/wp-json\/wp\/v2\/posts\/57271"}],"collection":[{"href":"https:\/\/news.talkwithrattan.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news.talkwithrattan.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news.talkwithrattan.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/news.talkwithrattan.com\/index.php\/wp-json\/wp\/v2\/comments?post=57271"}],"version-history":[{"count":1,"href":"https:\/\/news.talkwithrattan.com\/index.php\/wp-json\/wp\/v2\/posts\/57271\/revisions"}],"predecessor-version":[{"id":57273,"href":"https:\/\/news.talkwithrattan.com\/index.php\/wp-json\/wp\/v2\/posts\/57271\/revisions\/57273"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news.talkwithrattan.com\/index.php\/wp-json\/wp\/v2\/media\/57272"}],"wp:attachment":[{"href":"https:\/\/news.talkwithrattan.com\/index.php\/wp-json\/wp\/v2\/media?parent=57271"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news.talkwithrattan.com\/index.php\/wp-json\/wp\/v2\/categories?post=57271"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news.talkwithrattan.com\/index.php\/wp-json\/wp\/v2\/tags?post=57271"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}